RE: exploit code targeting OpenSSL and Mod_SSL ?

From: Arne Ansper (arneat_private)
Date: Wed Apr 16 2003 - 02:12:27 PDT

Next message: Simayi: "Re: exploit code targeting OpenSSL and Mod_SSL ?"

Previous message: Pete Finnigan: "65 Oracle security papers, articles and presentations"
In reply to: Don Sauer: "RE: exploit code targeting OpenSSL and Mod_SSL ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> There are also a number of calloc() overflow errors out there that
> affect openssl. Goto http://www.securitytracker.com and search on
> calloc() or openssl and you'll get a good list

Where do you find calloc() used in OpenSSL? OpenSSL does all memory
allocations via OPENSSL_malloc and OPENSSL_realloc wrapper functions that
use malloc and realloc by default. I just grepped OpenSSL source and did
not find a single occurence of calloc.

Arne

Next message: Simayi: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
Previous message: Pete Finnigan: "65 Oracle security papers, articles and presentations"
In reply to: Don Sauer: "RE: exploit code targeting OpenSSL and Mod_SSL ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 16 2003 - 08:08:58 PDT